DETAILED ACTION

Specification 

1. This application does not contain an abstract of the disclosure as required by 37
CFR 1.72(b). An abstract on a separate sheet is required. 

This application does not contain the necessary contents in the specification. A 
discussion of these contents is below. 

Content of Specification 

(f) Background of the Invention: See MPEP § 608.01(c). The specification
should set forth the Background of the Invention in two parts: 

(1) Field of the Invention: A statement of the field of art to which the
invention pertains. This statement may include a paraphrasing of 
the applicable U.S. patent classification definitions of the subject 
matter of the claimed invention. This item may also be titled 
"Technical Field." 

(2) Description of the Related Art including information disclosed under
37 CFR 1.97 and 37 CFR 1.98: A description of the related art
known to the applicant and including, if applicable, references to 
specific related art and problems involved in the prior art which are 
solved by the applicant's invention. This item may also be titled 
"Background Art." 

(g) Brief Summary of the Invention: See MPEP § 608.01(d). A brief summary
or general statement of the invention as set forth in 37 CFR 1.73. The
summary is separate and distinct from the abstract and is directed toward 
the invention rather than the disclosure as a whole. The summary may 
point out the advantages of the invention or how it solves problems 
previously existent in the prior art (and preferably indicated in the 
Background of the Invention). In chemical cases it should point out in 
general terms the utility of the invention. If possible, the nature and gist of 
the invention or the inventive concept should be set forth. Objects of the 
invention should be treated briefly and only to the extent that they 
contribute to an understanding of the invention.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

2. Claims 19-31 are rejected under 35 U.S.C. 101 because the claimed invention of
a computer program is directed to non-statutory subject matter. 

Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claim 13 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Claim 13 discloses "a plurality of database computer systems", whereas the claim on
which it depends discloses the use of a database computer system. This particular
wording causes the claim to be unclear as to its limitation.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

4. Claims 1-3, 5, 11-13, 17, 20-21, 23, 31-32 are rejected under 35 U.S.C. 102(b) as
being anticipated by Baker (US Patent 5,696,898).

5. As per claim 1, Baker discloses a method for computer security to control access
to data held on a computer system (columns 2,3 lines 66-3) as requestable datasets
(see Fig. 2: the data comprises URLs and the URLs are grouped in sets) characterized
in that it includes: 

Allocating computer system users between a plurality of user groups, each 
user group corresponding to a respective data access category selected from a 
plurality of such categories (column 5 lines 37-43); 

Associating each dataset with a dataset access category (see Fig. 2,
wherein the IDs in block 215 are access categories, see column 4 lines 47-49); 
and 

Giving access to each dataset only to user group members associated 
with an appropriate data access category for that dataset (column 3 lines 8-14). 

6. As per claim 2, Baker discloses that the user groups and data access categories 
have hierarchical levels in which a higher data access category incorporates a or, as the 
case may be, each lower data access category, and the method includes allowing 
access to datasets by members of user groups associated with the data access 
category levels equal to and higher than those to which such datasets correspond
(column 5 lines 6-12). 

7. As per claim 3, Baker discloses a method characterized in that each user is 
associated with a computer based identifying means and the method includes the step 
of determining a user's identity from the identifying means (column 3 lines 54-56 and 
column 4 lines 36-39).

8. As per claim 5, Baker discloses that the datasets are web pages and the method
includes the step of gaining access to the computer network via the Internet or the 
World-Wide-Web (column 2 line 3 - column 3 line 8). 

9. As per claim 11, Baker discloses the data maintained on a database computer
system (World Wide Web), and dataset access is given by access control software
operated on a separate access control computer system (see Fig. 1 block 112) and a
user gains access to data by means of access request software running on a user 
computer system separate from the database and access control computer systems 
(see Fig. 1 blocks 107-109). 

Baker does not explicitly state that the access control or the access request 
methods are on software, but one skilled in the art would clearly see that without 
explicitly saying software, the method that Baker discloses and implements must be run 
on and therefore inherently includes software at the user, access control, and database 
systems. 

10. As per claim 12, Baker discloses a firewall at the access control system (see Fig. 
1 block 113). 

11. As per claim 13, Baker discloses the data is maintained on a plurality of database 
computer systems and in response to a data request the access control software 
determines whether or not corresponding data access is appropriate after relaying the 
request to a dataset computer system having such data (column 4 lines 7-15). 

12. As per claim 17, Baker characterizes the step of giving access to a dataset as
including unencrypted transfer of data from datasets to which access is granted (column
5 line 45; it is known to one of ordinary skill in the art that the http protocol includes
unencrypted pages).

13. Claim 19 is rejected for disclosing the same subject matter as claim 1. One of
ordinary skill in the art can clearly see that the method disclosed would inherently 
include a computer program so that it could be implemented. 

14. Claim 20 is rejected for disclosing the same subject matter as claim 2. 

15. Claim 21 is rejected for disclosing the same subject matter as claim 3. 

16. Claim 23 is rejected for disclosing the same subject matter as claim 5. 

17. Claim 31 is rejected for disclosing the same subject matter as claim 17.

18. Claim 32 is rejected for disclosing the same subject matter as claim 1, wherein
the network access controller is found in Baker (Fig. 1, number 112).



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

19. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Baker as
applied to claim 3 above, and further in view of Davis et al. "An Implementation of MLS
on a Network of Workstations Using X.500/509".

Baker does not disclose the use of X.509 certificates as the computer based
identifying means. 

Davis discloses the X.509 certificate on page 553 under heading B. titled: Access 
Server Model. 

Davis is analogous art because it discusses a computer security system similar 
to Baker. 

It would have been obvious at the time of the invention for one of ordinary skill in 
the art to modify Baker to include the use of X.509 certificates to identify the system 
users. 

Motivation for one of ordinary skill in the art at the time of the invention to modify 
Baker as discussed above would have been to "provide a framework of authentication 
services by the directory to its users" (Davis, page 548 under heading B). 

Therefore, it would have been obvious to modify Baker to include X.509 
certificates in order to provide authentication services to its users. 

20. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Baker as
applied to claim 3 above, and further in view of Edd et al. (US PgPub 2002/0184255). 

Baker discloses that the datasets are web pages, but does not disclose that the 
step of associating each dataset with a dataset access category comprises inserting 
meta tags in html web page code. 

Edd discloses the use of meta tags in html web page code to associate dataset 
access categories (column 9 section 1035) wherein the "security information" could be 
considered the access categories.

Edd is analogous art because it describes security techniques for databases of
information, particularly web pages or Internet content. 

It would have been obvious at the time of the invention for one of ordinary skill in 
the art to modify Baker to include the use of meta tags to associate the datasets with a 
dataset access category. 

Motivation for one of ordinary skill in the art at the time of the invention to modify 
Baker as discussed above would have been to standardize the association of security 
information with the data (column 9 section 1035). 

21. Claims 7-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Baker as applied to claim 1 above, in view of Davis and further in view of Harn
"ID-based Cryptographic Schemes for User Identification, Digital Signature, and Key
Distribution."

22. As per claim 7, Baker discloses the method of claim 1 while Davis further 
discloses the use of X.509 certificates that describe authentication procedures using 
public and private key encryption methods for signing data and identifying users. 

Baker and Davis do not disclose a challenge response exchange regarding user 
identification before the step of giving access to a dataset. 

Harn discloses a scheme, wherein "user identification can be achieved directly 
through a challenge-response type procedure." The steps of the scheme include using 
a private key to sign test data (wherein the data is a randomly selected odd number) 
provided by the access control computer system and forwarding the signed data and 
identifying means to the access control computer system; and using the access control
computer system to verify the identifying means, verify the user by using the public key
to verify the signed data, and determine user group and associated data access 
category from the identifying means (page 758). It would be obvious for one of ordinary 
skill in the art to see that the user group and data access category information, while not 
explicitly stated, could be included in the identification data. 

Harn is analogous art to Davis, as it pertains to authentication and identification 
schemes using public and private keys. 

It would have been obvious at the time of the invention to modify Baker with 
Davis as shown above in claim 4 and further to modify Davis to include a challenge- 
response exchange wherein the access control computer system assigns test data. 

Motivation for one of ordinary skill in the art at the time of the invention to modify 
Baker-Davis as discussed above would be to "provide user identification and digital 
signature" as taught in Harn (page 757). 

23. Claim 8 is rejected as discussed above. 

24. As per claim 9 discussed above, Harn discloses the test data is random data. 

25. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Baker as 
applied to claim 1 above, in view of Davis, and further in view of McNabb (US Patent 
6,289,462). 

Baker discloses the method of claim 1 while Davis discloses providing database 
access to a first kind of user having a user certificate for identification purposes. 

Neither Baker nor Davis discloses granting database access to a second kind of
user lacking a user certificate.

McNabb discloses allowing database access to unauthorized users as
anonymous access (column 18 lines 5-7 and column 22 lines 44-46). While
McNabb doesn't explicitly describe an authentication method using certificates, one of 
ordinary skill in the art could easily see that the authorization method in McNabb could 
be performed with user certificates. 

McNabb is analogous art because it relates to a security method that grants 
access privileges based on security-level attributes. 

Motivation for one of ordinary skill in the art to modify Baker/Davis to include 
access for users without certificates would be to allow access of public or non-sensitive 
data held on the database. 

26. Claims 14-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Baker as applied to claim 1, and further in view of Hayman (US Patent 5,859,966).

27. As per claim 14, Baker discloses the method of claim 1, but does not disclose
that the data access categories and the user groups and datasets with which they are 
associated are assigned numerical values. 

Hayman does disclose that numerical values are assigned to the data access 
categories and the user groups and datasets with which they are assigned (column 8 
line 16-18) and inherently explains the step of giving dataset access involves comparing 
user group and dataset numerical values to determine whether or not access is to be 
granted or denied. It is not an object of Hayman's invention to assign numerical
values, but Hayman references mandatory access protocol (MAC) as described in the
specification of the applicant wherein the MAC labels are stored as numeric values.

28. As per claim 15, Hayman discloses that the data access categories have
different sections each with a section numerical value and the step of comparing 
numerical values comprises comparing section numerical values of corresponding 
sections of user group and dataset numerical values (column 8 line 16-18 wherein the 
sections are referred to as categorical components). 

29. As per claim 16, Hayman discloses that access to a dataset is provided only if all 
section comparisons are satisfied (column 8 lines 39-45).

30. Claim 18 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Baker/Hayman as applied to claim 16 and further in view of Netscape (Netscape 
Messaging Server Version 3.0 Administrator's Guide, Netscape Communications 
Corporation, 1995 pages 57-58). 

Baker and Hayman disclose the method according to claim 16 as discussed
above.

Baker and Hayman do not disclose the step of running checking/blocking 
software on the user computer system to screen incoming data for encryption to block 
unwanted data content. 

The Administrator's Guide discloses an SSL package that allows the user to 
configure a specific port to block encrypted data. 

The Administrator's Guide is analogous art because it relates to how data is 
handled over a network. 

Motivation for one of ordinary skill in the art at the time of the invention to modify 
Baker-Hayman to include blocking software would be to allow the user the ability to
specify the level of encryption for receiving and managing data as taught in Netscape
page 57. 

31. Claim 22 is rejected for disclosing the same subject matter as claim 4.

32. Claim 24 is rejected for disclosing the same subject matter as claim 6. 

33. Claim 25 is rejected for disclosing the same subject matter as claim 7. 

34. Claim 26 is rejected for disclosing the same subject matter as claim 8. 

35. Claim 27 is rejected for disclosing the same subject matter as claim 9. 

36. Claim 28 is rejected for disclosing the same subject matter as claim 10. 

37. Claim 29 is rejected for disclosing the same subject matter as claim 12. 

38. Claim 30 is rejected for disclosing the same subject matter as claim 14. 

39. Claim 33 is rejected for disclosing the same subject matter as claim 14. 

40. Claim 34 is rejected for disclosing the same subject matter as claim 10. 

41. Claim 35 is rejected under 35 U.S.C. 103(a) as being unpatentable over Baker as
applied to claim 19 and 32 above, and Davis as applied to claim 4, wherein the
computer network for database access is that which is shown in Baker, Fig. 1.

42. Claim 36 is rejected for disclosing the same subject matter as claim 6. 

43. Claim 37 is rejected for disclosing the same subject matter as claim 5. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Bludau whose telephone number is
571-272-3722. The examiner can normally be reached on Monday-Friday 8:00-5:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gilberto Barron, can be reached on 571-272-3799. The fax phone number
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Brandon S Bludau 

Examiner